
Trend Micro releases new rule updates every Tuesday, but it is recommended to create a schedule for checking the Security Updates on a daily basis.

Create a daily schedule for checking the Security Updates

  1. Navigate to Administration > System Settings.
  2. Click Updates > Security.
  3. Check the status of pattern updates and rule updates. If the patterns or rules are not up to date, run a manual check by clicking Check for Updates and Download....


  4. Go to Administration > System Settings.
  5. Click Updates > Security > Rules.
  6. Verify that the latest Deep Security Rule Update (DSRU) has been applied.


After you enable Intrusion Prevention and assign rules, it is recommended to start in Detect Mode instead of Prevent Mode.

Enable Detect Mode for Intrusion Prevention

When you are satisfied that Intrusion Prevention is not finding false positives, configure your policy to use Intrusion Prevention in Prevent Mode so that rules are enforced and related events are logged.

If you need to submit a case to Trend Micro Technical Support, collect all of the necessary logs listed below:

  • Deep Security Manager diagnostic package
  • Deep Security Agent diagnostic package
  • Network packets

    Capture network packets on the affected host, if possible. Use Wireshark on Windows and tcpdump on Linux. Include the date and time when the issue occurred.

  • Export IPS event

    By default, Deep Security records the packet data only for the first occurrence of an event within a specified period of time. The default period is five (5) minutes.

    You can manually enable Always Include Packet Data to help support analysis.

    Take Rule ID 1001933 as an example. Right-click Rule ID 1001933 and select Properties (Global) > General > Events. Then enable Always Include Packet Data.
